This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set

From: "bugeaud at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 28 May 2010 22:11:34 -0000
Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
References: <20100528162846.11643.bugeaud@gmail.com>
Reply-to: sourceware-bugzilla at sourceware dot org

------- Additional Comments From bugeaud at gmail dot com  2010-05-28 22:11 -------
My understanding is that, when AT_SECURE is set it is up to the glibc to decide 
what to do with it, and as in the example given UID=EUID there is no superuser 
escalation possible. So $ORIGIN chould be safe, as the only extra feature granted 
on the process is set using the capabilities (file system level granted by root) 
and no other capabilities can be added by the user.

In that context, this means that when AT_SECURE is set glibc should perform its 
own check. Something like : if EUID==UID then grantOriginEscaping else 
forbidOriginEscaping

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |


http://sourceware.org/bugzilla/show_bug.cgi?id=11643

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

References:
- [Bug libc/11643] New: ldopen failing with relative path ($ORIGIN) when a capability is set
  - From: bugeaud at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]